Skip to content

Close DBus connection after each Linux operation#544

Merged
Benehiko merged 2 commits into
docker:mainfrom
rcjsuen:sbx-fd-leaks
Jun 2, 2026
Merged

Close DBus connection after each Linux operation#544
Benehiko merged 2 commits into
docker:mainfrom
rcjsuen:sbx-fd-leaks

Conversation

@rcjsuen
Copy link
Copy Markdown
Contributor

@rcjsuen rcjsuen commented Jun 2, 2026

Built on top of #542 with the tests removed.

eginez and others added 2 commits June 1, 2026 16:06
@eginez @claude
fix(keychain): close D-Bus connection after each Linux operation
022491b 
On Linux every keychain operation (Get/Save/Delete/GetAllMetadata/Filter)
dials a fresh private session-bus connection via NewService ->
dbus.ConnectSessionBus, but only closed the secret-service session, never
the connection itself. Each call therefore leaked one socket file
descriptor, and long-lived processes eventually exhausted the session
bus's max_connections_per_user limit (failing with "maximum number of
active connections has been reached").

Add SecretService.Close to release the connection and defer it in every
operation. A regression test asserts the process's open-fd count stays
flat across repeated lookups.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@rcjsuen
Remove the test
a985e45 
Signed-off-by: Remy Suen <remy.suen@docker.com>
@Benehiko Benehiko merged commit 033ebde into docker:main Jun 2, 2026
11 of 19 checks passed
@Benehiko Benehiko mentioned this pull request Jun 2, 2026
Merged
@rcjsuen rcjsuen deleted the sbx-fd-leaks branch June 2, 2026 13:02
@rcjsuen rcjsuen mentioned this pull request Jun 2, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Benehiko Benehiko Benehiko approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rcjsuen @Benehiko @eginez